Using SSH without a Password
How to Create SSH Keys for Remote Access to Computers
SSH (Secure Shell) is a useful means by which users can access remote computers and run commands, and if an SSH key is used then the user doesn't even need a password.
SSH (Secure Shell) is a tool (or rather a set of tools) that enables a computer user to make a connection from one computer to another and, most importantly, it enables them to do it securely - all of the traffic is encrypted (unlike ftp, rlogin or telnet). Once a connection has been made, the user can run any of the applications on the remote computer just as if they were on the local computer. However, there is a drawback - a password must be entered every time that SSH is used. Unless, of course, an SSH key is being used.

Using SSH to Run a Computer Program
Running a command via SSH is not very different from running it without SSH; take, for example, the top command, which provides details of current tasks and the system load - this can be run by entering the following on the command line:
top -n 1 -b | head -1
And so the output would be something like:
top - 22:35:58 up 6:50, 2 users, load average: 0.01, 0.07, 0.02
To run the same command on a remote computer (in this case by user bainm accessing a computer named Hector) the following would be used:
$ ssh bainm@hector "top -n 1 -b | head -1"
However, this time the response would be:
bainm@hector's password:
It's only after the correct password has been entered that the command will run - which means that SSH is not suitable for use in shell scripts since some user interaction is required. The solution is to use an SSH key.

Generating SSH Keys
The SSH key is created on the client machine by a user and then copied to the host. It is generated with the ssh-keygen command, here using DSA (Digital Signature Algorithm):
$ ssh-keygen -t dsa
Generating public/private dsa key pair.
The program will now ask for the location for the key creation:
Enter file in which to save the key (/home/bainm/.ssh/id_dsa):
And then a passphrase is requested - this should be left blank:
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
And then the public key will be created:
Your identification has been saved in /home/bainm/.ssh/id_dsa.
Your public key has been saved in /home/bainm/.ssh/id_dsa.pub.
The key fingerprint is:
12:34:a1:56:1a:b2:78:2b:90:10:3c:11:12:4d:13:14 bainm@paris
If the SSH directory is examined then two new files will be found:
$ ls ~/.ssh
id_dsa id_dsa.pub
It's the public key file, id_dsa.pub, that must be passed to the host computer.

Distributing SSH Keys
The SSH key can be distributed by copying it to the host computer:
$ scp ~/.ssh/id_dsa.pub bainm@hector:
bainm@hector's password:
id_dsa.pub 100% 601 0.6KB/s 00:00
$
And then it must be appended to the host's ~/.ssh/authorized_keys2 file:
$ ssh bainm@hector
bainm@hector's password:
$ ls -l id_dsa.pub
-rw-r--r-- 1 bainm bainm 601 2008-12-15 21:14 id_dsa.pub
$ cat id_dsa.pub >> .ssh/authorized_keys2
$ exit
logout
Connection to hector closed.
The user can now use SSH to access the host computer from the client computer without having to enter a password.

Using SSH with a Key to Run a Computer Program
With the SSH key installed on the host, any program on the host can be run from the client:
$ ssh bainm@hector "top -n1 -b| head -1"
top - 22:39:04 up 6:54, 2 users, load average: 0.71, 0.23, 0.08
Meaning, of course, that SSH can now be used in a shell script without any user intervention.

Summary
Normally SSH requires a password to be entered when any commands are sent to a host computer. However, a key can be generated for the client using ssh-keygen and, once that key has been passed to the host, the password is no longer required. Of course, each user must generate their own key for each client being used.
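An added example, not part of the original article: a key with no passphrase gives whoever holds the file the same access as the user, so a script-only key is commonly tied on the host to the one command the script needs. The helper name install_restricted_key, the scratch paths and the sample key are assumptions; restrict and command= are standard OpenSSH authorized_keys options, and authorized_keys is used here in place of authorized_keys2.

```shell
#!/bin/sh
# Added example: install a public key so it can run only one fixed command.
# Helper name, paths and the sample key below are assumptions.

# install_restricted_key PUBKEY_FILE AUTH_FILE FORCED_COMMAND
#   restrict      - no port/agent/X11 forwarding, no PTY (OpenSSH 7.2+)
#   command="..." - sshd runs this command whatever the client requests
install_restricted_key() {
    pubkey_file=$1; auth_file=$2; forced_cmd=$3
    nl='
'
    # A public key file is a single line: "<type> <base64> [comment]".
    if [ "$(grep -c '' "$pubkey_file" 2>/dev/null)" != 1 ]; then
        echo "expected exactly one key line in $pubkey_file" >&2; return 1
    fi
    read -r keytype keydata key_comment < "$pubkey_file" || true
    case $keytype in
        ssh-*|ecdsa-sha2-*) ;;   # ssh-dss (the article's DSA key), ssh-rsa, ssh-ed25519, ...
        *) echo "not a public key (private key file?): $pubkey_file" >&2; return 1 ;;
    esac
    [ -n "$keydata" ] || { echo "missing key data" >&2; return 1; }

    # Refuse commands that would need escaping or could add a second entry.
    case $forced_cmd in
        *\"*|*"$nl"*) echo "forced command must not contain quotes or newlines" >&2; return 1 ;;
    esac

    # sshd's StrictModes rejects key files that others can write to.
    ssh_dir=$(dirname "$auth_file")
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth_file" && chmod 600 "$auth_file"

    # Idempotent: do nothing if this key material is already installed.
    if grep -qF -- "$keydata" "$auth_file"; then
        return 0
    fi
    printf 'restrict,command="%s" %s %s %s\n' \
        "$forced_cmd" "$keytype" "$keydata" "$key_comment" >> "$auth_file"
}

# Demo in a scratch directory; the key data is a constructed placeholder.
demo_dir=$(mktemp -d)
echo 'ssh-ed25519 AAAAEXAMPLEKEYDATA bainm@paris' > "$demo_dir/id.pub"
install_restricted_key "$demo_dir/id.pub" "$demo_dir/.ssh/authorized_keys" \
    'top -n 1 -b | head -1'
cat "$demo_dir/.ssh/authorized_keys"
```

With such an entry in place, a plain "ssh bainm@hector" from the script returns the top line, and any other command the client asks for is ignored in favour of the forced one.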
The copyright of the article Using SSH without a Password in Linux Programming is owned by Mark Alexander Bain. Permission to republish Using SSH without a Password in print or online must be granted by the author in writing.